Hardware Installation
Guide
Copyright 2004 Nortel Networks, Inc., 4655 Great America Parkway, Santa Clara, California 95054, USA.
All rights reserved. Part Number: 217016-A, Revision A.
This document is protected by copyright and distributed under licenses restricting its use, copying,
distribution, and decompilation. No part of this document may be reproduced in any form by any means
without prior written authorization of Nortel Networks, Inc. Documentation is provided “as is” without
warranty of any kind, either express or implied, including any kind of implied or express warranty of
non-infringement or the implied warranties of merchantability or fitness for a particular purpose.
U.S. Government End Users: This document is provided with a “commercial item” as defined by FAR
2.101 (Oct 1995) and contains “commercial technical data” and “commercial software documentation” as
those terms are used in FAR 12.211-12.212 (Oct 1995). Government End Users are authorized to use this
documentation only in accordance with those rights and restrictions set forth herein, consistent with FAR
12.211-12.212 (Oct 1995), DFARS 227.7202 (JUN 1995) and DFARS 252.227-7015 (Nov 1995).
Nortel Networks, Inc. reserves the right to change any products described herein at any time, and without
notice. Nortel Networks, Inc. assumes no responsibility or liability arising from the use of products
described herein, except as expressly agreed to in writing by Nortel Networks, Inc. The use and purchase of
this product does not convey a license under any patent rights, trademark rights, or any other intellectual
property rights of Nortel Networks, Inc.
Alteon, Alteon Switched Firewall, Alteon 5008, 5010, 5014, 5300, 5400, 5600, 5700, 6400, 5308, 5408,
5610, 5710, 6414, Alteon Firewall Director, Firewall OS, Alteon SFA, Alteon Firewall Accelerator, and
Alteon Accelerator OS are trademarks of Nortel Networks, Inc. in the United States and certain other
countries. Any other trademarks appearing in this manual are owned by their respective companies.
Check Point, SecureXL, and SmartCenter are trademarks of Check Point Software Technologies Ltd.
FireWall-1 and VPN-1 are registered trademarks of Check Point Software Technologies Ltd. Any other
trademarks appearing in this manual are owned by their respective companies.
Portions of this manual are Copyright © 2001 Dell Computer Corporation. All Rights Reserved.
Export
This product, software and related technology is subject to U.S. export control and may be subject to export
or import regulations in other countries. Purchaser must strictly comply with all such laws and regulations.
A license to export or reexport may be required by the U.S. Department of Commerce.
Licensing
217016-A, November 2004
Alteon Switched Firewall 4.0.2 Hardware Installation Guide
Regulatory Compliance
This digital apparatus does not exceed the Class A limits for radio-noise emissions from digital apparatus
as set out in the Radio Interference Regulations of the Canadian Department of Communications.
Radio Interference Regulations of the Department of Communications (translated from French)
This digital apparatus complies with the radio-noise limits for Class A digital apparatus
prescribed in the Radio Interference Regulations of the Canadian Department of
Communications.
This is to certify that the Nortel Networks equipment is shielded against the generation of radio
interference in accordance with the application of Council Directive 89/336/EEC. Conformity is declared
by the application of EN 55 022 Class A (CISPR 22).
Warning: This is a Class A product. In a domestic environment, this product may cause radio interference,
in which case, the user may be required to take appropriate measures.
Caution (translated from German): This is a device of radio interference limit Class A. In residential
areas, operation of this device may cause radio interference, in which case the user is responsible for
appropriate countermeasures.
Caution (translated from French): This is a Class A product. In a domestic environment, this product
may cause radio interference, in which case it is up to the user to take the specific appropriate
measures.
EN 55 024 statement
This is to certify that the Nortel Networks equipment is shielded against the susceptibility to radio
interference in accordance with the application of Council Directive 89/336/EEC. Conformity is declared
by the application of
EN 55 024 (CISPR 24).
EC Declaration of Conformity
This is to certify that the Nortel Networks equipment is in compliance with the requirements of EN 60
950 in accordance with the Low Voltage Directive. Additional national differences for all European Union
countries have been evaluated for compliance. Some components installed within the 8000 Series chassis
may use a nickel-metal hydride (NiMH) and/or lithium-ion battery. The NiMH and lithium-ion batteries
are long-life batteries, and it is very possible that you will never need to replace them. However, should you
need to replace them, refer to the individual component manual for directions on replacement and disposal
of the battery.
Lithium Battery Cautions
Caution—This product contains a lithium battery. Batteries are not customer replaceable parts. They may
explode if mishandled. Do not dispose of the battery in fire. Do not disassemble or recharge.
(Norway) WARNING—Lithium battery - Danger of explosion. When replacing, use only a battery
recommended by the equipment manufacturer. Return used batteries to the equipment supplier.
(Sweden) WARNING—Danger of explosion if the battery is replaced incorrectly. Use the same battery
type or an equivalent type recommended by the equipment manufacturer. Dispose of used batteries
according to the manufacturer’s instructions.
Caution—Nortel Networks products are designed to work with single-phase power systems having a
grounded neutral conductor. To reduce the risk of electric shock, do not plug Nortel Networks products into
any other type of power system. Contact your facilities manager or a qualified electrician if you are not
sure what type of power is supplied to your building.
Caution—Not all power cords have the same ratings. Household extension cords do not have overload
protection and are not meant for use with computer systems. Do not use household extension cords with
your Nortel Networks product.
Caution—Your Nortel Networks product is shipped with a grounding type (three-wire) power cord. To
reduce the risk of electric shock, always plug the cord into a grounded power outlet.
Contents
Preface
Product Name & Platform Changes
Who Should Use This Book
How This Book Is Organized
Related Documentation
How to Get Help
Overview
Feature Summary
Basic Topology
Required Equipment
ASF Components
Firewall Models and Capacity
Safety Precautions
Firewall Director
Hardware Features
Physical Description
Removing and Installing the Bezel
Front Panel Without the Bezel
Rear Panel
LED Status Conditions
Mounting the 5014 Director
Rack Installation
Standalone Installation
Connecting a Console Terminal
Requirements
Console Connector and Cable Specifications
Establishing a Connection
Firewall Accelerator
Physical Description
Firewall Accelerator 6600
Firewall Accelerator 6400
Rear Panel
Side Panel
Ports
SFP GBICs
Dual-Mode Ports
Default NAAP and Data Ports
Console Port
LEDs
Installing the Firewall Accelerator
Preparing for Installation
Installing the Switch
Rack-Mounting the Switch
Connecting Power
Connecting Network Cables
Basic ASF 6600 Network Topology
Basic ASF 6400 Network Topology
Network Connector and Cable Specifications
RJ-45 Connector Specifications for 10/100/1000 Mbps Ethernet
Network Ports
Gigabit Ethernet via the Fiber Optic LC Connector
10/100/1000 Mbps Ethernet via the RJ-45 Connector
Connecting to the Console Port
Establishing a Console Connection
Using Network Ports
Upgrading the Software
Troubleshooting
Link/Activity LED Does Not Light
Symptom
Cause
Action
Fan LED is Amber
Symptom
Cause
Action
Switch Will Not Boot
Symptom
Cause
Action
Specifications
Firewall Director 5014
Physical Characteristics
Power Requirements
Port Specifications
Supported Standards
Environmental Specifications
Certifications
Firewall Accelerator 6600 and 6400
Physical Dimensions
Power Requirements
Supported Standards
Port Specifications (ASF 6600 and ASF 6400)
Environmental Specifications
Mechanical Specifications
Certifications
Index
Preface
This manual describes the features, installation process, initial configuration and specifications
of the Alteon Switched Firewall models 6614 and 6414.
For full documentation on configuring and using the Alteon Switched Firewall’s many software
features, see the software manuals mentioned in “Related Documentation” on page 6.
Although this manual uses the new product names and hardware descriptions, the Alteon
Switched Firewall version 4.0.2 software is compatible with any legacy Alteon products you
may currently use.
Chapter 2, “Firewall Director,” provides the hardware features and physical description of
the front and rear panels of the ASF 5014. This chapter also describes how to install and mount
the system.
Chapter 3, “Firewall Accelerator,” describes how to install the Firewall Accelerator 6600
and 6400 models and connect them to the Firewall Director.
Related Documentation
For detailed information about the functionality and configuration of the Alteon Switched
Firewall, see the following documentation:
Alteon Switched Firewall User’s Guide and Command Reference (Part Number 215709-B)
published in November 2004.
Alteon Switched Firewall Browser-Based Interface Guide (Part Number 215710-B)
published in November 2004.
If you purchased a Nortel Networks service program, contact one of the following Nortel
Networks Technical Solutions Centers:
Additional information about the Nortel Networks Technical Solutions Centers is available at
the following URL:
http://www.nortelnetworks.com/help/contact/global
An Express Routing Code (ERC) is available for many Nortel Networks products and services.
When you use an ERC, your call is routed to a technical support person who specializes in
supporting that product or service. To locate an ERC for your product or service, refer to the
following URL:
http://www.nortelnetworks.com/help/contact/erc/index.html
CHAPTER 1
Overview
The Alteon Switched Firewall is a high-performance firewall system for network security. The
system uses a versatile, multi-component approach to deliver unparalleled firewall processing
power, reliability, and scalability.
The Alteon Switched Firewall is a combination of dedicated hardware and software (hardened
OS, security applications, and networking technology). It addresses the needs for security,
performance and ease of use.
To enhance versatility, the Alteon Switched Firewall is a multi-component solution. ASF
hardware is a combination of Alteon Firewall Accelerators and Alteon Firewall Directors. ASF
software is a combination of Alteon Accelerator OS software and the Firewall-1® NG
software from Check Point™ Software Technologies Ltd. By using the throughput of a Gigabit
switch controlled by the Check Point inspection engine, the speed of the firewall is
dramatically increased. If you need more connections per second, additional Firewall Directors
can be added.
Feature Summary
The following features have been added to the Alteon Switched Firewall release 4.0.2 since the
last major release:
The Check Point policy must allow the SSH connection between the remote user and
the ASF.
Backup and Restore Firewall Configuration
ASF 4.0.2 allows you to back up the Director configuration and restore it later to the same
state. The restore operation restores the configuration in the registry as well as the
Check Point SIC and policy.
The backup and restore feature applies to a single Director only, not to the cluster. To back up
an entire cluster, you must log in to each Director and create backups separately. You cannot
create a backup from one member of the cluster and use it to restore another member. A
backup taken from a Director can be used only to restore that same Director or a replacement
for that Director.
Supports port mirroring on the Firewall Accelerator 6600 and 6400
Supports SecureXL™ 2.1 with Application Intelligence (AI) software
Load balances Intrusion Detection System (IDS) servers
Alteon Switched Firewall 4.0.2 is designed to load balance traffic to IDS servers, which
perform in-depth traffic analysis and detect inappropriate, incorrect, or anomalous activity
on your network. In addition to load balancing IDS systems, ASF supports port mirroring,
which allows specific network ports to be monitored by replicating the traffic to
another port.
Basic Topology
The classic software firewall model can become a security speed bump. Typically, data enters
from one network card, passes through a policy inspection engine, and is deposited on
another network card. When relying on the single processing path such systems offer, there are
major limitations on speed and expandability.
The Alteon Switched Firewall solution flattens the security speed bump and boosts the speed
of data.
[Figure: Classic Firewall Scenario (clients, switch, router, Internet, firewall, server cluster) compared with the Alteon Switched Firewall Solution (clients, router, Internet, server cluster, Firewall Accelerator providing firewall acceleration, load-balanced firewall traffic and control to the Firewall Directors, untrusted networks and trusted networks)]
The Alteon Switched Firewall is placed in the path between your various trusted, semi-trusted,
and untrusted networks. It examines all traffic moving between the connected networks and
either allows or blocks that traffic, depending on the security policies defined by the
administrator. The Alteon Switched Firewall consists of multiple Firewall Director and Firewall
Accelerator components that are clustered together to act as a single system.
Firewall Director
The Firewall Director is a compact, high-performance computing device running Firewall
OS software. It uses built-in Check Point FireWall-1 NG software to inspect network traffic
and enforce firewall policies. For increased firewall processing power, additional Firewall
Directors can be attached to the cluster. For more information on Firewall Directors, see
Chapter 2, “Firewall Director.”
Firewall Accelerator
The Firewall Accelerator is an Alteon switch running Accelerator OS software. It offloads
the processing of secured traffic from the Firewall Director, enhancing firewall performance.
For high-availability configurations, a second Firewall Accelerator and Firewall Director
can be attached to the cluster.
[Figure: topology showing an untrusted client, the Internet, untrusted networks, a trusted network, and DMZ servers]
Required Equipment
The Alteon Switched Firewall system requires the following minimum components:
One standard 19-inch open or closed rack to mount the system (see page 26, page 38, and
page 83) 2-1/2 U mounting space in:
A standard 19-inch open-frame relay rack with two 3-inch or 6-inch posts
or
A standard 19-inch enclosed four-post cabinet
One Alteon Firewall Accelerator
Each Firewall Accelerator is shipped separately and includes the following items which
may be required during installation:
A/C power cord—the unit is shipped with one U.S. standard and one EU standard
power cord. Country-specific power cords are available separately.
Rack mounting kit
One Alteon Firewall Director (see Table 2-1 on page 20 for system compatibility)
Each Firewall Director is shipped separately and includes the following items that may be
required during installation:
A/C power cord—the unit is shipped with one U.S. standard and one EU standard
power cord. Country-specific power cords are available separately.
Console cable
One two-post open rack installation kit for flush mounting or center mounting
One four-post rack installation kit for cabinet mounting
You need the following tools and supplies to install the components:
#2 Phillips screwdriver
11/32-inch wrench or nut driver (if changing Firewall Director bracket to flush-mount
configuration)
A straight edge or ruler to ensure that the unit is installed level
Masking tape or felt-tip pen to mark the rack mounting position
ASF Components
Figure 1-3 shows the ASF components shipped with the Firewall Accelerator 6600.
5. ASF Software and Documentation Kit (Firewall Accelerator software, Firewall Director
software and Documentation CD)
Similar to Figure 1-3, Firewall Accelerator 6400 and Firewall Director 5014 are shipped with
equivalent components. The connectors that fit into the gigabit ports are not shipped with the
product. For more information, see “SFP GBICs” on page 36.
Table 1-1 shows the available ASF products with different Firewall Accelerator and Firewall
Director models.
To achieve the desired performance from your ASF, you must use compatible Alteon Switched
Firewall components. To sustain high levels of throughput, Firewall Accelerators 6400 should
be connected to Firewall Director 5014 only.
The maximum number of concurrent connections on the Alteon Switched Firewall is limited by
the memory in the Firewall Accelerator. The Firewall Director, however, has more memory and
therefore can hold more connections than the Accelerator.
Firewall Accelerator | Number of Ports | Type of Ports | Connector Type | Session Capacity with Firewall Director
Safety Precautions
Always observe the precautions in the manuals for this and all other equipment you are installing.
Assembly
CAUTION—The two-post open-frame relay rack must be properly secured and stabilized
according to the rack manufacturer or industry specifications before installing the components.
The four-post cabinet rack must meet the relevant ANSI/EIA-310-D-92, IEC 297, or DIN
41494 specifications.
Use extreme caution when moving a rack cabinet. Rack cabinets can be extremely heavy and
yet move easily on their casters and have no brakes. Retract the leveling feet when moving the
rack cabinet. Avoid long or steep inclines or ramps where loss of cabinet control may occur.
When the cabinet is positioned, extend the leveling feet for support and to prevent the cabinet
from rolling.
Use the rack-mount kits only with the components for which they were designed. Using kits from
other systems may result in damage to the components and personal injury to yourself and others.
Do not place or rack-mount the equipment in any way which exceeds the maximum weight-bearing
capacity of the surface or rack, or cause potentially hazardous uneven mechanical loading. If
using components with extendable trays or slide mechanisms, do not extend more than one
component at any given time. Do not climb on the rack or step or stand on any component in the rack.
To avoid pinching your fingers or hands, use caution when pressing component rail release
latches and when sliding components into or out of the rack.
Power
CAUTION—Make sure the device is properly grounded electrically and that power connections
are safe, particularly when using power strips.
Avoid overloading your electrical supply circuits. Electrical ratings are printed on all your
equipment. Be sure that your supply circuits and wiring can support the rated power draw of
whatever equipment is used. The total branch load should not exceed 80% of the circuit rating.
Temperature
CAUTION—For proper air circulation, the air vents on the devices should not be blocked or
obstructed by cables, panels, or other materials.
The ambient temperature of the operating equipment must not exceed 40°C. When installing
the devices in a closed or multi-unit rack assembly, please consider that the operating
ambient temperature of the equipment may be higher than the ambient temperature of the
room. Take appropriate steps to ensure that the devices do not overheat.
CHAPTER 2
Firewall Director
This chapter provides step-by-step instructions for physically installing the Alteon Firewall
Director 5014. It is assumed that the other components of your network (routers, servers, hubs,
and so on) have already been physically installed.
NOTE – The instructions in this chapter are for installing the Firewall Director only. For
configurations with multiple Firewall Directors, first install the minimum system as described in
this chapter, then perform initial setup as described in the ASF User’s Guide and Command
Reference. Once the minimum system is fully configured, add the extra components as
described in the ASF User’s Guide and Command Reference.
Hardware Features
Table 2-1 describes the hardware features of Firewall Director 5014.
RAM 1 GB
Physical Description
This section describes the Firewall Director model 5014 as shown in Figure 2-1.
Figure 2-1 Front Panel of the Firewall Director 5014 with the Bezel
Table 2-2 describes the front panel LEDs shown in Figure 2-1.
CAUTION—The reset button does a “cold start reset” and automatically reboots the Firewall
Director. However, Nortel recommends using the Command Line Interface (CLI) to do a boot
reset. If the Firewall Director does not reset via the CLI, then use this reset button.
To install the bezel, slide the bezel on the face plate as shown in Figure 2-2 and follow the
steps below:
1. Lift the flap that is located at the left end of the bezel.
2. Slide the bezel on the face plate from right to left, until the edge of the bezel aligns with
the edge of the face plate lengthwise. (See 1 in Figure 2-2.)
3. Keep sliding all the way over until you hear a click, which means the bezel has locked on
to the face plate.
Figure 2-3 Front Panel of Firewall Director 5014 with Bezel Removed
1. CD-ROM drive
5. Reset button
Rear Panel
Figure 2-4 Rear Panel of the Firewall Director 5014
3. AC Receptacle
4. Keyboard Connector
6. Video Connector
9. Serial Connector (DTE) for system configuration and diagnostics (console connection)
Proceed to the section on “Mounting the 5014 Director” on page 26 to install the Firewall
Director 5014.
The table below describes the various states represented by the lights and conditions of the
LEDs on different ports.
Rack Installation
The following procedure is for installing the Firewall Director in a standard 19-inch two-post
open-frame relay rack or a four-post enclosed rack cabinet.
A straight edge or a ruler to install the unit level, and masking tape or a felt-tip pen to
mark the mounting holes.
#2 Phillips screwdriver.
Someone to hold the unit in place while you secure it in the rack.
NOTE – Do not use the included rubber feet for a rack installation.
2. If you are installing the unit in a cabinet, remove the cabinet doors and side panels
according to the instructions that came with your cabinet.
This will provide easy access for the rest of the installation procedure.
3. Determine where you want to place the bottom of the Firewall Director within the rack.
NOTE – If you are installing more than one system, install the first system in the lowest
available position in the rack.
[Figure (actual size): rack rail hole spacing for a 1U space of 1.75" (44 mm), with hole spacings of 0.5" (12.7 mm), 0.625" (15.9 mm), and 1.25" (31.7 mm)]
Be sure to mark the same space on both the left and right rails.
5. Install the unit as shown using the appropriate screws for your rack-mount system (four
10-32, 12-24, M5X.8-6H, or M6X1-6H type screws).
NOTE – The Firewall Director comes from the factory with heavy-duty rack-mounting brackets
already attached. If the brackets have been previously removed (possibly to facilitate using
the unit in a standalone table-top configuration), you must reattach them.
7. If you installed the unit in a cabinet, reattach the cabinet rack doors and side panels
according to the instructions that came with your cabinet.
Standalone Installation
1. Unpack the Firewall Director from its shipping box.
2. Remove the heavy-duty rack-mounting brackets from each side of the unit.
Store the brackets and any unused screws in a safe place for possible future use.
3. Connect the two table-top bezel-mounting brackets to the unit using screws removed in
the previous step.
4. Attach the four included rubber feet to the bottom of the unit chassis.
This section explains how to connect a console terminal to the Firewall Director serial port for
system configuration.
Requirements
To establish a console connection on the Firewall Director, the following is required:
An ASCII terminal or a computer running ASCII terminal emulation software set to the
parameters shown in the table below:
Parameter Value
A standard straight-through serial cable with a male DB9 connector (included with the
Firewall Director). An equivalent cable can be made as outlined in the next section.
DB-9 male connector (pins 1 to 5 in one row, pins 6 to 9 in the other)
Pin  Signal
1    CD
2    TxD (Output)
3    RxD (Input)
4    DTR
5    GND (Ground)
6    DSR
7    RTS
8    CTS
9    Not used
Console cables are not intended for permanent installation and should be disconnected from
the console port after configuring the Alteon Switched Firewall.
Establishing a Connection
1. Connect the terminal to the serial port using the correct serial cable.
When connecting to a Firewall Director, use a standard serial cable with a male DB9 connector
(both shipped with the Firewall Director).
Physical Description
[Figure: Firewall Accelerator panel showing the Console port, ports 1 to 12 with Link/Act and Rx/Tx indicators, the Management port, and the POWER and FAN LEDs]
For information on NAAP and data ports, refer to “Default NAAP and Network Ports” on page
38.
ASF 6400
Management Port
(not supported)
Rear Panel
The rear panel of the Firewall Accelerator 6600 and 6400 with a power supply inlet and multiple
holes for ventilation is shown in Figure 3-3.
Side Panel
There are multiple holes on the side panels to allow proper ventilation and six threaded holes
on each side for the rack-mounting brackets.
Ports
The following table displays the number of copper gigabit ports and fiber ports, also called
Small Form Pluggable (SFP) Gigabit Interface Converter (GBIC) ports, supported on the 6600
and 6400 accelerator models.
SFP GBICs
Figure 3-4 displays the LC jack connector and the SFP that fits into the port socket.
The LC jack is used for connecting gigabit ethernet fiber optic segments. The LC optical (SX
or LX) SFP GBICs are not shipped with the product and must be purchased separately. To
order the connectors, see Nortel part numbers listed in Table 3-2.
Table 3-2 The Part Number Matrix of Small Form Factor Pluggable Modules
Type Reach Connector Nortel Order Number
1000Base SX LC Type AA1419046
1000Base LX LC Type AA1419047
CAUTION—Use only Nortel-approved class 1 SFP GBIC optical transceiver modules that are
rated IEC or FDA CLASS 1. Do not use modules that are marked with laser classifications
higher than CLASS 1. Using other than Nortel-approved modules may damage the product and
cause bodily injury.
NOTE – The SFP GBICs are hot swappable. You may install or remove the SFP GBIC while
the system is in operation, with no impact to network connectivity. The Firewall Accelerator
automatically recognizes the SFP GBIC.
Dual-Mode Ports
The four dual-mode ports (3, 4, 5, and 6) on the Firewall Accelerator 6600 have two interfaces
each: 1000 Mbps SFP fiber and 10/100/1000Base-T copper. When the 1000 Mbps SFP fiber
port is selected as the preferred link, it is fixed at 1000 Mbps, full-duplex with autonegotiation
turned on.
When the 10/100/1000Base-T copper port is selected as the preferred link, it can be configured
at any speed. You can set either interface as the preferred or backup link. If autonegotiation is
disabled, only the preferred link will work and it will not fail over to the backup link.
Firewall Accelerator 6600: Ports 11 and 12; Ports (Copper and Fiber): 1—10
Firewall Accelerator 6400: Ports 1, 24, 27, and 28; Fast Ethernet RJ-45 network ports: 2—23; SFP GBIC ports: 25 and 26
Console Port
The console port consists of a female DB-9 serial connector labeled Console for the DCE
connector. See “Connecting to the Console Port” on page 50 for details.
LEDs
The FE port on the Firewall Accelerator 6400 has two LEDs embedded into the RJ-45
connectors. There is one LED for each SFP GBIC port on the Firewall Accelerator 6400 and 6600.
The LEDs light up to indicate the various port connection conditions.
Figure 3-7 Port LED Layout for the Top and Bottom Row of the FE Ports
The table below describes the various states represented by the lights and conditions of the
LEDs on different ports.
NOTE – The console cable is not intended for permanent installation and should be
disconnected from the console port after configuring the switch.
Japan 7918
5. Connecting the power inlet of the switch to the appropriate power source.
CAUTION—Observe the following precautions when selecting a site and installing the switch:
Make sure the equipment is properly grounded electrically, and that the power connections are
safe, particularly when using power strips.
Avoid overloading your electrical supply circuits. Electrical ratings are printed on the nameplates
of all your equipment. Be sure that your supply circuits and wiring can support the rated
power draw of whatever equipment is used.
The ambient temperature of an operating Alteon Switched Firewall must not exceed 40°C.
When installing the switch in a closed or multi-unit rack assembly, please consider that the
operating ambient temperature of the switch may be higher than the ambient temperature of the
room. Take appropriate steps to ensure that the switch does not overheat.
For proper air circulation, the vents on the front, back, and sides of the switch should not be
blocked or obstructed by cables, panels, rack frames, or other materials.
Do not place or rack-mount the switch in any way which would exceed the maximum weight
bearing capacity of the surface or rack, or which would cause potentially hazardous uneven
mechanical loading.
1. Connect the two mounting brackets to the switch using the supplied screws as shown in
the following figure. Mounting brackets can be attached at mid-mount position or
faceplate mount depending upon your required configuration.
2. Then, install the switch as shown in the figure below using the appropriate screws for
your rack-mount system (four 10-32, 12-24, M5X.8-6H, or M6X1-6H type screws).
To identify an appropriate 1U position on your rack, see “Rack Installation” on page 26.
Connecting Power
Following are the instructions for connecting the Alteon Switched Firewall.
1. Connect the power cord to the switch. Verify that the power switch is in the off position.
[Figure: connection diagram showing Check Point SmartCenter, the untrusted network, the
intranet, and the Alteon Switched Firewall]
By default, the various ports on the Firewall Accelerator are reserved for specific purposes:
Data enforcement ports 1 through 10 are reserved for connecting trusted, untrusted and
semi-trusted networks to the firewall.
NAAP port 12 is used in high availability scenarios, to connect to another Firewall
Accelerator 6600.
NAAP port 11 is reserved for Firewall Director connection.
The NAAP ports can also be configured for use as regular network ports. See the Alteon
Switched Firewall 4.0.2 User’s Guide and Command Reference for more information.
However, you must connect the Firewall Director to one of the NAAP ports and download
the modified configuration. The updated configuration should continue to retain this
specific port as a NAAP port. Otherwise, you will see a sudden loss of connection to the
Director and you may not get a successful response when this port becomes a non-NAAP
port.
Using the reserved ports, connect the network cables as follows:
NOTE – See “Network Connector and Cable Specifications” on page 49 for cable information.
In Figure 3-10 on page 45, port 11 on the Firewall Accelerator is connected to port 1 on the
Firewall Director 5014.
2. Connect the trusted, untrusted and semi-trusted network feeds into any of ports 1
through 10.
All network ports are auto-negotiating and support half- or full-duplex operation. Network
ports 1 through 8 have an RJ-45 connector for 10/100/1000 Mbps Ethernet segments. Network
ports 3-6, 9 and 10 have an LC-style fiber optic connector for Gigabit Ethernet (1000Base-SX)
segments. NAAP ports can also be used to connect to network segments after you disable
NAAP on the port.
[Figure: connection diagram showing Check Point SmartCenter, the untrusted network, the
intranet, and the Alteon Switched Firewall]
By default, the various ports on the Firewall Accelerator are reserved for specific purposes:
Data enforcement ports 2 through 23, 25, and 26 are reserved for connecting trusted,
untrusted and semi-trusted networks to the firewall.
NAAP ports 1, 24, 27, and 28 are reserved for Firewall Director connections.
These NAAP ports can also be configured for use as regular network ports. See the Alteon
Switched Firewall 4.0.2 User’s Guide and Command Reference for more information.
However, you must connect the Firewall Director to one of the NAAP ports and download
the modified configuration. The updated configuration should continue to retain this
specific port as a NAAP port. Otherwise, you will see a sudden loss of connection to the
Director and you may not get a successful response when this port becomes a non-NAAP
port.
Using the reserved ports, connect the network cables as follows:
1. Attach the Firewall Director 5014 to any of Firewall Accelerator ports 1, 24, 27, or 28.
To sustain high levels of throughput, the high-capacity Firewall Accelerator 6400 should be
connected only to high-capacity Firewall Director 5014.
Connect any of the Firewall Accelerator ports 1, 24, 27, or 28 to the dedicated Firewall
Director uplink port. The uplink port uses the gigabit fiber optic LC connector.
NOTE – See “Network Connector and Cable Specifications” on page 49 for cable information.
In Figure 3-11, port 28 on the Firewall Accelerator is connected to port 1 on the Firewall
Director 5014.
2. Connect the trusted, untrusted and semi-trusted network feeds into any of ports 2
through 23, 25, or 26.
All network ports are auto-negotiating and support half- or full-duplex operation. Network
ports 2-23 have an RJ-45 connector for 10/100 Mbps Ethernet (10Base-T or 100Base-TX)
segments. Network ports 25 and 26 have an LC-style fiber optic connector for Gigabit Ethernet
(1000Base-SX) segments.
For more information on port specifications and standards, refer to the section on “Port
Specifications (ASF 6600 and ASF 6400)” on page 62.
NOTE – 100Base-T and 1000Base-T signaling requires four twisted pairs of Category 5
balanced cabling, as specified in ISO/IEC 11801:1995 and EIA/TIA-568-A (1995) and tested
using procedures defined in TIA/EIA TSB95.
Network Ports
Each SFP GBIC port on the Firewall Accelerator has transmit and receive ports. The transmit
(Tx) is on the left side and receive (Rx) is on the right side of the SFP.
All ports support full-duplex operation. The 10/100/1000 Mbps copper ports auto-negotiate,
and also support half-duplex operation.
The port LEDs light up to indicate the various port connection conditions. See Table 3-4 on
page 39 for details.
An ASCII terminal or a computer running ASCII terminal emulation software set to the
parameters shown in the table below:
Parameter Value
The console port accepts a straight-through serial cable with a male DB9 connector.
DB-9 male pin assignments:
Pin Signal
1 CD
2 TxD (Output)
3 RxD (Input)
4 DTR
5 GND (Ground)
6 DSR
7 RTS
8 CTS
9 Not used
1. Connect the terminal to the Console port of the switch using the serial cable.
See “Port Menu Options” in the Alteon Switched Firewall 4.0.2 User’s Guide and Command
Reference for detailed information on using the Network Ports.
Symptom
The Link LED (green) does not light. When you check the Link state using the console termi-
nal (see the switch software manuals), the status is reported as down.
Cause
A port configuration mismatch between two devices or a cable problem.
Action
If the switch port is configured with a specific speed or duplex mode (for example, 100 Mbps,
full duplex), check that the other device is set to the same configuration. If the switch
port is configured to auto-negotiate, verify that the other device is also set to
auto-negotiate. Refer to the switch software manuals for more information about port
configuration, setting speed and mode.
217016-A, November 2004
Alteon Switched Firewall Hardware Installation Guide
Symptom
The fan LED is lit in amber color.
Cause
Fan Failure: One or more fans have stopped functioning. The syslog message: “Fan failure
detected” appears on the screen.
Insufficient Cooling: The fan-fail LED is amber if the internal temperature of the switch
exceeds 60°C. The syslog message: “Temperature exceeds threshold” appears on the
screen.
These messages are also appended to the output from /info/sys commands.
Action
Make sure that the air circulation vents on the front, back, and sides of the switch are free
from obstruction by cables, panels, rack frames, or other materials.
Make sure that all cooling fans inside the switch are running. The fans are located behind
the ventilation grill at the rear of the switch. The exhaust from all the fans should be
blowing outward with roughly equal air pressure (although it is normal for the exhausts to have
different temperatures). You can also use a flashlight to check whether the fan blades are
moving. If any fan stops during switch operation, contact Nortel Networks’ customer
support.
Remember that units in a closed or multi-unit rack assembly may have an operating
ambient temperature higher than the ambient temperature of the room. The ambient
temperature of an operating switch must not exceed 40°C. If the operating ambient temperature
cannot be lowered before this maximum is reached, turn off the switch and let it cool.
It may be necessary to cool the room to a lower temperature or provide a fan for greater air
circulation. Resolve the room’s cooling and circulation problems before turning the switch
back on.
After taking the above actions, when the switch comes to normal temperature, the following
messages appear on the screen: “Temperature OK” (if temperature previously exceeded
threshold), “Fan OK” (if a fan had previously failed). No temperature or fan information is
appended to the output from /info/sys.
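The raise and clear messages quoted above pair up, so a log collector can report which switches still have an uncleared fan or temperature condition. The following is an added example, not code from this guide or from Nortel; it assumes the messages are collected in a BSD-syslog style line layout, and the host names and sample lines are constructed.

```python
import re
from collections import defaultdict

# Message texts are the ones quoted in this guide; matching is by substring.
RAISED = {"Fan failure detected": "fan",
          "Temperature exceeds threshold": "temperature"}
CLEARED = {"Fan OK": "fan", "Temperature OK": "temperature"}

# Assumed collector layout (BSD syslog style): "Mon DD HH:MM:SS host message".
LINE_RE = re.compile(r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\s(?P<msg>.*)$")

# Constructed sample input; host names and the unrelated line are made up.
SAMPLE_LOG = """\
Nov 12 03:14:07 asf-a Fan failure detected
Nov 12 03:15:40 asf-a Temperature exceeds threshold
Nov 12 03:16:02 asf-b Temperature exceeds threshold
Nov 12 03:20:11 asf-b unrelated message
Nov 12 03:41:55 asf-b Temperature OK
Nov 12 03:52:30 asf-a Temperature OK
"""


def open_alarms(lines):
    """Return {host: {condition: time_first_raised}} for uncleared conditions."""
    state = defaultdict(dict)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip blank or unparseable lines
        host, msg, ts = m["host"], m["msg"], m["ts"]
        for text, cond in RAISED.items():
            if text in msg:
                # Keep the first raise time if the message repeats.
                state[host].setdefault(cond, ts)
        for text, cond in CLEARED.items():
            if text in msg:
                state[host].pop(cond, None)
    return {h: dict(c) for h, c in state.items() if c}


if __name__ == "__main__":
    for host, conds in open_alarms(SAMPLE_LOG.splitlines()).items():
        for cond, since in conds.items():
            print(f"{host}: {cond} alarm open since {since}")
```

On the constructed sample, only the fan condition on asf-a remains open, because both temperature conditions were followed by “Temperature OK”.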
Symptom
The Alteon Switched Firewall power stays on and the command prompt does not appear on the
console.
Cause
The operating system may have been damaged.
Action
Turn the power off and turn it back on before reinstalling the software as described in Chapter
8, “Upgrading the Software” of the Alteon Switched Firewall User’s Guide and Command
Reference.
APPENDIX A
Specifications
This appendix describes the specifications, standards, and certifications for the Firewall
Director 5014 and Firewall Accelerator 6600 and 6400.
Physical Characteristics
Characteristic Measurement
Chassis 1U/19 inch rack mount; 1.75 inches (h) x 16.69 inches (w) x 16.54 inches (d)
Memory 1 GB RAM
Power Requirements
Specification Measurement
AC Power Power Supply 203 Watts
Input Voltage 100-127 VAC / 200-240 VAC
auto-sensing 47-63Hz
Port Specifications
Port | Connector | Media | Maximum Distance
10Base-T | RJ-45 | Category 3, 4, or 5 UTP | 100 meters (325 feet)
100Base-TX | RJ-45 | Category 5 UTP | 100 meters (325 feet)
1000Base-TX | RJ-45 | CAT 5e | 100 meters (325 feet)
1000Base-SX | LC | Shortwave (850 nm): 62.5 micron MM fiber | 2 to 275 meters
1000Base-SX | LC | Shortwave (850 nm): 50 micron MM fiber | 2 to 550 meters (6.5 to 1804 feet)
Console (DCE) | Female DB-9 | RS-232C (serial) | 25 meters (80 feet)
Supported Standards
Logical Link Control (IEEE 802.2)
10Base-T/100Base-TX (IEEE 802.3, 802.3u)
1000Base-SC (IEEE 802.3, 802.3z)
IP
TFTP (RFC 783)
Environmental Specifications
Condition | Operating Specification | Storage Specification
Temperature | 0° to 40° C (+32° to +104° F) | –40° to 85° C (–13° to 185° F)
Relative humidity | 85% maximum, non-condensing; 96 hrs. @40°, 85% | 95% maximum, non-condensing; 96 hrs. @40°, 90-95%
Altitude | up to 2,133 meters (7,000 feet) | up to 10,668 meters (35,000 feet)
Shock | 5 shock pulses of 3.5 G for up to 3 ms to machine base | 35 G, 11 ms duration, equivalent to 763 mm (2.5 ft) drop
Vibration | 3 axis, 30 min./axis, sine accel. of 0.06 G at 50-60 Hz | 3 axis, 15 min./axis, 1.04 G full RMS, 2-200 Hz
Acoustic Noise | 6.5 bels maximum during operation |
Certifications
Category Compliance
Physical Dimensions
Power Requirements
Specification Measurement
Auto-ranging power supply 100-240 VAC @ 3.5 Amps, 50-60 Hz
Maximum power consumption 250 Watts
Typical power consumption 110 Watts
Supported Standards
Logical Link Control (IEEE 802.2)
10Base-T/100Base-TX (IEEE 802.3, 802.3u)
1000Base-SX (IEEE 802.3z)
Flow Control (IEEE 802.3x)
Link Negotiation (IEEE 802.3z)
Frame Tagging (IEEE 802.1Q) on all ports when VLANs are enabled
SNMP support: RFC 1213 MIB-II, RFC 1493 Bridge MIB, RFC 1398 Ethernet-like MIB,
RFC 1757 RMON1 (groups 1-4), and RFC 1573 Interface Extensions MIB compliant.
Alteon Enterprise MIB supporting the configuration and monitoring of all Alteon specific
features
Environmental Specifications
Mechanical Specifications
Certifications
Category Compliance
EMC CISPR22, CISPR24
FCC CFR 47, Part 15, Class A
VCCI, Class A
ICES, Class A
CE EN-55022, EN-55024, EN-61000-3-2, EN-61000-3-3, EN-61000-4-2,
EN-61000-4-3, EN-61000-4-4, EN-61000-4-5, EN-61000-4-6, EN-61000-4-8,
EN-61000-4-11
BSMI CNS 13438 Class A
AS/NZS 3548 Class A
MIC Korea
Safety IEC 60950, with all NCB Member Differences
UL 60950
CSA 22.2 No. 60950
EN 60950
IEC 60825-1
Index